Software updates for XCP-ng 7.6 and 8.0

Release Sep 13, 2019

A few days ago we released a batch of updates for XCP-ng 7.6 and XCP-ng 8.0. Here's information about what they contain.

If you don't know how to update, follow this guide. Join the discussion on our community forum.

Updates for XCP-ng 8.0

Security update: microcode_ctl

The microcode_ctl package contains microcode for Intel CPUs. The update brings updated microcode for the SandyBridge family of CPUs to mitigate MDS attacks.

XCP-ng 8.0 already contained updated microcode from Intel when it was released, before Citrix released a hotfix, but their update contains one additional file, so we synced with their package.

After the update: reboot (pool master first) only if your hosts have SandyBridge CPUs.

Bugfix & performance: Xen + guest templates

The Xen update addresses:

  • Avoids possible memory corruption when forcibly shutting down a VM with an AMD MxGPU attached, or when a guest that has an AMD MxGPU attached crashes.
  • Fixes a host crash that can occur when you force-shutdown a Windows VM that is in an unclean state.
  • Windows VMs could hang for more than a minute after live migration.
  • Windows VMs with the viridian_reference_tsc flag enabled could crash during live migration. This fix opens the door to possible performance improvements for your Windows VMs: following it, Citrix now advises setting the viridian_reference_tsc and viridian_stimer flags to true for better performance.

The guest templates update adjusts the default settings for Windows versions that support Viridian: viridian_* settings are now set to true by default.

After the update:

Updates for XCP-ng 7.6

The updates for XCP-ng 7.6 contain bug fixes, a security update for the SandyBridge family of CPUs (microcode update from Intel) and minor improvements.

Security update: microcode_ctl

The microcode_ctl package contains microcode for Intel CPUs. The update brings updated microcode for the SandyBridge family of CPUs to mitigate the MDS attacks.

No changes are made to any other family of CPUs, which either already got a microcode update from Intel or never will, depending on the model.

After the update: reboot (pool master first) only if your hosts have SandyBridge CPUs.

Bugfix update: xcp-ng-xapi-plugins

This update fixes a memory consumption issue in our updater plugin that is used by Xen Orchestra for detecting available updates. In some situations, Xen Orchestra would trigger many runs of the plugin. Usually the plugin would answer very fast so there would be no consequence, but we encountered situations where the execution of the plugin took too much time, so memory was not released and it kept piling up.

When all the triggering conditions were met, the consequences of this bug were severe: hosts went out of memory and had to be rebooted.

Note: the affected hosts had the EPEL repositories left enabled (don't do that on XCP-ng), which probably played a role in increasing the plugin execution duration.

Solution: the new version of the updater plugin now first checks whether it's already running before attempting anything.

After the update: xe-toolstack-restart on each host, starting with pool master, when no tasks are running.
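
One way to implement the "already running" check described above, as an added example (this is not the actual xcp-ng-xapi-plugins code): a non-blocking advisory file lock makes an overlapping invocation return at once instead of piling up behind a slow run. The lock path, function names and return format are hypothetical.

```python
import fcntl
import os
import tempfile
from contextlib import contextmanager

# Hypothetical lock path for this example. A real root-run service should
# keep its lock in a root-owned directory rather than a shared temp dir.
LOCK_PATH = os.path.join(tempfile.gettempdir(), "example-updater-plugin.lock")


@contextmanager
def single_instance(lock_path=LOCK_PATH):
    """Yield True if this caller holds the lock, False if another run has it."""
    fd = os.open(lock_path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        try:
            # LOCK_NB: fail immediately instead of queueing behind the holder.
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            yield False
            return
        try:
            yield True
        finally:
            fcntl.flock(fd, fcntl.LOCK_UN)
    finally:
        # Closing the descriptor also drops the lock if the process dies early.
        os.close(fd)


def check_updates(slow_query, lock_path=LOCK_PATH):
    """Run slow_query() only if no other run is in progress."""
    with single_instance(lock_path) as acquired:
        if not acquired:
            # Refuse quickly: no work started, no memory held while waiting.
            return {"status": "busy"}
        return {"status": "ok", "updates": slow_query()}


if __name__ == "__main__":
    # Constructed demo: a second call arrives while the first is still running.
    def slow():
        print("overlapping call ->", check_updates(lambda: []))
        return ["example-package"]

    print("first call ->", check_updates(slow))
```

Because the kernel releases the lock when the descriptor is closed, a crashed run cannot leave a stale lock behind the way a PID file can.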

Bugfix update: Xen

This update avoids possible memory corruption when forcibly shutting down a VM with an AMD MxGPU attached, or when a guest that has an AMD MxGPU attached crashes.

After the update: reboot if you are using AMD MxGPUs in your VMs.

Enhancement: xcp-ng-pv-tools

The installation script for PV tools on Linux now supports SLES 15 SP1 and recent CoreOS. The ISO image also has an updated README.

After the update: nothing to do.

Samuel Verschelde

XCP-ng Lead Maintainer, Release Manager and Technical Product Manager. Open Source enthusiast since 2002.